Février 3, 2020

How to move on from a cybersecurity incident

Shane Schick

Cybersecurity incidents can cost people their jobs. Organizations can lose customers as their share price tanks. Customers’ personal and confidential information can be put at risk. And when the incident has finally been contained, there’s still a lot that happens before it’s in the rearview mirror.

A solid incident response plan begins with defining the scope of the threat, gathering data, assigning roles and beginning the remediation process. But incident response plans are about more than prevention. Make sure you don’t ignore these aspects.

 

Incident reporting

No company wants to have a press conference in the midst of a cyberattack, but they should be ready to inform third parties appropriately. This may include law enforcement, customers and even the media.

Rizwan Jan, chief information officer (CIO) of the Henry M. Jackson Foundation for the Advancement of Military Medicine, says this is where your incident reporting (IR) team needs to be extra clear about its roles and responsibilities.

“There can be a lot of speculation, and that speculation is often misinformation,” Jan cautions. “Your CIO should not be talking to the press about a data breach. If the situation were reversed, you wouldn’t want a PR person tinkering around with security tools.”

Of course, senior leaders need to be informed and consulted too, but they’re often on a plane or locked up in a meeting while an incident unfolds. Jan recommends CEOs deputize someone to handle crisis management questions — a second-in-command who can make decisions. This should be woven into the incident response plan as well.

“You always want to avoid a single point of failure,” Jan says, referring not just to IT but to response team collaboration. “You need to have a path B, C and D.”

Implementing best practices

Even the best-laid incident response plans will fail if they’re not tested with regular drills. And the nature of cyber incidents is constantly changing, which makes it even more important to ensure the plan aligns with organizational needs.

A study conducted by the Ponemon Institute earlier this year shows that 54 percent of those who have an incident response plan don’t test it. So, there may be a gap between how an organization expects it can deal with a data breach and what actually ends up transpiring.

Jan says the best way to overcome this problem is to get proper executive buy-in from the very beginning. Gather industry research about data threats in your particular industry, or highlight news coverage of competitors who’ve been hit by an attack.

“It’s a good thing to show those statistics to management to get their incident response antenna up to all the threats that are out there,” Jan explains. “That’s when your message will get out to the rest of the organization and security becomes more ingrained in your culture.”

Strengthening mobile security

The annual SANS Incident Response Survey looks at trends in how organizations handle these issues. The 2019 report showed the difference automation is making: For example, only 35 percent of those surveyed in 2019 said they manually blocked command-and-control (C2) IP addresses, compared with nearly 46 percent in 2018.

So how does a threat landscape that’s growing through the use of mobile devices change a company’s approach to incident response?

Jan looks for three things in an enterprise mobility management (EMM) solution: how well it integrates in an organization’s existing technology stack, what kind of visibility it offers into cyberthreats and what control it gives in terms of fine-tuning rules and configuration. And don’t overlook conducting a post-mortem — not a meeting filled with finger-pointing, but a genuine, constructive look at where you should optimize your incident response plan.

“We should be in the spirit of ever improving our business processes,” Jan advises. “Tie into metrics like mean time to detecting and resolving an incident. And map those metrics into industry standards. That way, you have some teeth to it, and if you have auditors come in, you’ll have a story to tell about why you’re doing what you’re doing. You will fail if you whip up [an incident response plan] out of nowhere and don’t have anything to back it up.”


Samsung Knox fills the gaps

Not all cyber incidents involve mobile devices, but for those that do, an important part of the remediation process is looking at the extent to which data on a smartphone, for instance, connects back to the network. This is obviously much easier if you already have an EMM solution in place, as the solution can help you quickly identify which devices need to be addressed and even consider future points of vulnerability.

Samsung’s Knox platform and supporting services can be a linchpin in helping organizations bring their IR plan together, offering the ability to configure, monitor and secure mobile devices against a wide range of cyber threats.

To learn more about building an incident response plan for your business, download our free whitepaper.

 

[Icon] fermer

Lancez-vous avec Samsung Knox

[Icon] valise
Êtes-vous un revendeur, un fournisseur de solutions ou un fournisseur de services ?

Devenez un partenaire Knox et développez votre entreprise aujourd'hui.

[Icon] infos

Pour commencer, sélectionnez un produit Knox :

Pack tout-en-un
Knox Suite
Rebranding et personnalisation
Knox Configure
Protection contre la fraude et le vol
Knox Guard
Programme de protection des appareils
Samsung Care+ for Business
Autres produits et services

Démarrez avec

[Image] Knox Suite

Pack de solutions tout-en-un pour la mobilité des entreprises.

  • Obtenez un essai gratuit de 90 jours pour jusqu'à 30 appareils.
  • Un ensemble complet d'outils pour sécuriser, déployer, gérer et analyser les appareils de votre entreprise.
  • Essayez des fonctionnalités puissantes réunies dans Knox Suite.

Knox Suite inclut:

Knox Mobile Enrollment Gratuite
Knox Manage
Knox E-FOTA
Knox Asset Intelligence
Knox Platform for Enterprise Gratuite
Assistance à distance Knox
Knox Capture
Knox Authentication Manager

Démarrez avec

[Image] Logo Knox Configure

Donnez une nouvelle image à vos appareils Samsung et personnalisez-les.

  • Obtenez un essai gratuit de 90 jours pour jusqu'à 30 appareils.
  • Configurez à distance tous vos appareils Samsung et personnalisez-les immédiatement pour répondre au mieux à vos besoins spécifiques
  • Configurez vos appareils pour un déploiement unique, ou mettez-les à jour autant que vous le souhaitez.

Démarrez avec

[Icon] Logo Knox Guard

Protection contre la fraude et le vol pour les appareils Samsung.

  • Obtenez un essai gratuit de 90 jours pour jusqu'à 30 appareils.
  • Réduisez les risques financiers et protégez vos actifs en contrôlant vos appareils Samsung à distance.
  • Testez toutes les fonctionnalités de Knox Guard, y compris le contrôle de carte SIM et le verrouillage des appareils.

Démarrez avec

[Image] Logo Samsung Care Plus For Business

Programmes de protection de vos appareils Samsung.

  • Limitez les interruptions des activités de l'entreprise avec des réparations et des remplacements rapides des appareils. Contactez l'équipe commerciale Samsung pour vous lancer.
  • Visualisez la couverture de tous vos appareils et demandez des informations, le tout via une plate-forme unique.
  • Vous avez acheté Samsung Care+ for Business ? Créez un compte et activez votre forfait sur la console Samsung Care+ for Business.

Autres produits et services

[Image] Logo autres

Des solutions modernes pour répondre à vos besoins uniques.

  • Bénéficiez d'une assistance technique efficace grâce à un gestionnaire de compte dédié avec Enterprise Tech Support.
  • Créez des appareils sur mesure pour votre entreprise grâce à Samsung Software Customization Services.
CONTACTER LE SERVICE COMMERCIAL